open-menu
closeme
New AWS Lambda Function URL Configuration Created
calendar
Dec 19, 2024
·
attack.initial-access
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
AWS SAML Provider Deletion Activity
calendar
Dec 19, 2024
·
attack.t1078.004
attack.privilege-escalation
attack.t1531
·
Share on:
twitter
facebook
linkedin
copy
Register new Logon Process by Rubeus
calendar
Dec 19, 2024
·
attack.lateral-movement
attack.privilege-escalation
attack.credential-access
attack.t1558.003
·
Share on:
twitter
facebook
linkedin
copy
AWS Key Pair Import Activity
calendar
Dec 19, 2024
·
attack.initial-access
attack.t1078
attack.persistence
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Always Install Elevated Windows Installer
calendar
Dec 1, 2024
·
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
CMSTP UAC Bypass via COM Object Access
calendar
Dec 1, 2024
·
attack.execution
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
attack.t1218.003
attack.g0069
car.2019-04-001
·
Share on:
twitter
facebook
linkedin
copy
Exploiting CVE-2019-1388
calendar
Dec 1, 2024
·
attack.privilege-escalation
attack.t1068
cve.2019-1388
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Possible Privilege Escalation via Weak Service Permissions
calendar
Dec 1, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2021-41379 Exploitation Attempt
calendar
Dec 1, 2024
·
attack.privilege-escalation
attack.t1068
cve.2021-41379
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Privilege Escalation via Service Permissions Weakness
calendar
Dec 1, 2024
·
attack.privilege-escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Potential UAC Bypass Via Sdclt.EXE
calendar
Dec 1, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Child Process Created as System
calendar
Dec 1, 2024
·
attack.privilege-escalation
attack.t1134.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious RazerInstaller Explorer Subprocess
calendar
Dec 1, 2024
·
attack.privilege-escalation
attack.t1553
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Suspicious SYSTEM User Process Creation
calendar
Dec 1, 2024
·
attack.credential-access
attack.defense-evasion
attack.privilege-escalation
attack.t1134
attack.t1003
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Abusing Winsat Path Parsing - Process
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Tools Using ComputerDefaults
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using ChangePK and SLUI
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using Consent and Comctl32 - Process
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using Disk Cleanup
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using DismHost
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using IDiagnostic Profile
calendar
Dec 1, 2024
·
attack.execution
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using IEInstal - Process
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using MSConfig Token Modification - Process
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using NTFS Reparse Point - Process
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using PkgMgr and DISM
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using Windows Media Player - Process
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass WSReset
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
GCP Access Policy Deleted
calendar
Dec 1, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
Google Workspace Application Access Level Modified
calendar
Dec 1, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1098.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Processes Spawned by Java.EXE
calendar
Dec 1, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CoercedPotato Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Impersonate Execution
calendar
Nov 25, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1134.001
attack.t1134.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - LocalPotato Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.privilege-escalation
cve.2023-21746
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SysmonEOP Execution
calendar
Nov 25, 2024
·
cve.2022-41120
attack.t1068
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
HackTool - UACMe Akagi Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
PUA - Process Hacker Driver Load
calendar
Nov 25, 2024
·
attack.privilege-escalation
cve.2021-21551
attack.t1543
·
Share on:
twitter
facebook
linkedin
copy
PUA - Process Hacker Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.discovery
attack.persistence
attack.privilege-escalation
attack.t1622
attack.t1564
attack.t1543
·
Share on:
twitter
facebook
linkedin
copy
PUA - System Informer Driver Load
calendar
Nov 25, 2024
·
attack.privilege-escalation
attack.t1543
·
Share on:
twitter
facebook
linkedin
copy
PUA - System Informer Execution
calendar
Nov 25, 2024
·
attack.persistence
attack.privilege-escalation
attack.discovery
attack.defense-evasion
attack.t1082
attack.t1564
attack.t1543
·
Share on:
twitter
facebook
linkedin
copy
Vulnerable HackSys Extreme Vulnerable Driver Load
calendar
Nov 25, 2024
·
attack.privilege-escalation
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
Vulnerable WinRing0 Driver Load
calendar
Nov 25, 2024
·
attack.privilege-escalation
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
App Assigned To Azure RBAC/Microsoft Entra Role
calendar
Nov 20, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1098.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - EfsPotato Named Pipe Creation
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
HackTool - NoFilter Execution
calendar
Nov 1, 2024
·
attack.privilege-escalation
attack.t1134
attack.t1134.001
·
Share on:
twitter
facebook
linkedin
copy
Elevated System Shell Spawned From Uncommon Parent Location
calendar
Oct 1, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
HackTool - WinPwn Execution
calendar
Oct 1, 2024
·
attack.credential-access
attack.defense-evasion
attack.discovery
attack.execution
attack.privilege-escalation
attack.t1046
attack.t1082
attack.t1106
attack.t1518
attack.t1548.002
attack.t1552.001
attack.t1555
attack.t1555.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - WinPwn Execution - ScriptBlock
calendar
Oct 1, 2024
·
attack.credential-access
attack.defense-evasion
attack.discovery
attack.execution
attack.privilege-escalation
attack.t1046
attack.t1082
attack.t1106
attack.t1518
attack.t1548.002
attack.t1552.001
attack.t1555
attack.t1555.003
·
Share on:
twitter
facebook
linkedin
copy
Malicious Driver Load
calendar
Oct 1, 2024
·
attack.privilege-escalation
attack.t1543.003
attack.t1068
·
Share on:
twitter
facebook
linkedin
copy
Malicious Driver Load By Name
calendar
Oct 1, 2024
·
attack.privilege-escalation
attack.t1543.003
attack.t1068
·
Share on:
twitter
facebook
linkedin
copy
Potential Process Hollowing Activity
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055.012
·
Share on:
twitter
facebook
linkedin
copy
Vulnerable Driver Load
calendar
Oct 1, 2024
·
attack.privilege-escalation
attack.t1543.003
attack.t1068
·
Share on:
twitter
facebook
linkedin
copy
Vulnerable Driver Load By Name
calendar
Oct 1, 2024
·
attack.privilege-escalation
attack.t1543.003
attack.t1068
·
Share on:
twitter
facebook
linkedin
copy
Whoami.EXE Execution From Privileged Process
calendar
Oct 1, 2024
·
attack.privilege-escalation
attack.discovery
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
PwnKit Local Privilege Escalation
calendar
Sep 13, 2024
·
attack.privilege-escalation
attack.t1548.001
·
Share on:
twitter
facebook
linkedin
copy
CVE-2021-1675 Print Spooler Exploitation Filename Pattern
calendar
Sep 13, 2024
·
attack.execution
attack.privilege-escalation
attack.resource-development
attack.t1587
cve.2021-1675
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
InstallerFileTakeOver LPE CVE-2021-41379 File Create Event
calendar
Sep 13, 2024
·
attack.privilege-escalation
attack.t1068
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential PrintNightmare Exploitation Attempt
calendar
Sep 13, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574
cve.2021-1675
·
Share on:
twitter
facebook
linkedin
copy
Windows Spooler Service Suspicious Binary Load
calendar
Sep 13, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574
cve.2021-1675
cve.2021-34527
·
Share on:
twitter
facebook
linkedin
copy
Startup/Logon Script Added to Group Policy Object
calendar
Sep 6, 2024
·
attack.privilege-escalation
attack.t1484.001
attack.t1547
·
Share on:
twitter
facebook
linkedin
copy
Group Policy Abuse for Privilege Addition
calendar
Sep 6, 2024
·
attack.privilege-escalation
attack.t1484.001
·
Share on:
twitter
facebook
linkedin
copy
Certificate Use With No Strong Mapping
calendar
Sep 2, 2024
·
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Diamond Sleet APT Scheduled Task Creation
calendar
Sep 2, 2024
·
attack.execution
attack.privilege-escalation
attack.persistence
attack.t1053.005
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Exploitation Indicators Of CVE-2023-20198
calendar
Sep 2, 2024
·
attack.privilege-escalation
attack.initial-access
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CoercedPotato Named Pipe Creation
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Lazarus APT DLL Sideloading Activity
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
attack.g0032
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Sysmon as Execution Parent
calendar
Sep 2, 2024
·
attack.privilege-escalation
attack.t1068
cve.2022-41120
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Privilege Escalation via Local Kerberos Relay over LDAP
calendar
Aug 29, 2024
·
attack.privilege-escalation
attack.credential-access
attack.t1548
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Child Process Of Wermgr.EXE
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
Abuse of Service Permissions to Hide Services Via Set-Service
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Abuse of Service Permissions to Hide Services Via Set-Service - PS
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Abused Debug Privilege by Arbitrary Parent Processes
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1548
·
Share on:
twitter
facebook
linkedin
copy
Account Tampering - Suspicious Failed Logon Reasons
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
Activity From Anonymous IP Address
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
ADCS Certificate Template Configuration Vulnerability
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.credential-access
·
Share on:
twitter
facebook
linkedin
copy
ADCS Certificate Template Configuration Vulnerability with Risky EKU
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.credential-access
·
Share on:
twitter
facebook
linkedin
copy
Addition of SID History to Active Directory Object
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1134.005
·
Share on:
twitter
facebook
linkedin
copy
Always Install Elevated MSI Spawned Cmd And Powershell
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
Antivirus PrinterNightmare CVE-2021-34527 Exploit Detection
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
App Granted Privileged Delegated Or App Permissions
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1098.003
·
Share on:
twitter
facebook
linkedin
copy
Application AppID Uri Configuration Changes
calendar
Aug 12, 2024
·
attack.persistence
attack.credential-access
attack.privilege-escalation
attack.t1552
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Application URI Configuration Changes
calendar
Aug 12, 2024
·
attack.t1528
attack.t1078.004
attack.persistence
attack.credential-access
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Application Using Device Code Authentication Flow
calendar
Aug 12, 2024
·
attack.t1078
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
Applications That Are Using ROPC Authentication Flow
calendar
Aug 12, 2024
·
attack.t1078
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
APT PRIVATELOG Image Load Pattern
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Aruba Network Service Potential DLL Sideloading
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Atypical Travel
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
Audit CVE Event
calendar
Aug 12, 2024
·
attack.execution
attack.t1203
attack.privilege-escalation
attack.t1068
attack.defense-evasion
attack.t1211
attack.credential-access
attack.t1212
attack.lateral-movement
attack.t1210
attack.impact
attack.t1499.004
·
Share on:
twitter
facebook
linkedin
copy
AWS Attached Malicious Lambda Layer
calendar
Aug 12, 2024
·
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
AWS Glue Development Endpoint Activity
calendar
Aug 12, 2024
·
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
AWS Root Credentials
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
AWS STS AssumeRole Misuse
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.privilege-escalation
attack.t1548
attack.t1550
attack.t1550.001
·
Share on:
twitter
facebook
linkedin
copy
AWS STS GetSessionToken Misuse
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.privilege-escalation
attack.t1548
attack.t1550
attack.t1550.001
·
Share on:
twitter
facebook
linkedin
copy
AWS Suspicious SAML Activity
calendar
Aug 12, 2024
·
attack.initial-access
attack.t1078
attack.lateral-movement
attack.t1548
attack.privilege-escalation
attack.t1550
attack.t1550.001
·
Share on:
twitter
facebook
linkedin
copy
Azure AD Threat Intelligence
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
Azure Kubernetes CronJob
calendar
Aug 12, 2024
·
attack.persistence
attack.t1053.003
attack.privilege-escalation
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Bitbucket Global Permission Changed
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
Buffer Overflow Attempts
calendar
Aug 12, 2024
·
attack.t1068
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Bypass UAC Using DelegateExecute
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
Bypass UAC Using SilentCleanup Task
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
Bypass UAC via CMSTP
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
attack.t1218.003
·
Share on:
twitter
facebook
linkedin
copy
Bypass UAC via Fodhelper.exe
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
Bypass UAC via WSReset.exe
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
Certificate-Based Authentication Enabled
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1556
·
Share on:
twitter
facebook
linkedin
copy
Changes to Device Registration Policy
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1484
·
Share on:
twitter
facebook
linkedin
copy
Changes To PIM Settings
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Cisco BGP Authentication Failures
calendar
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.credential-access
attack.collection
attack.t1078
attack.t1110
attack.t1557
·
Share on:
twitter
facebook
linkedin
copy
Cisco LDP Authentication Failures
calendar
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.credential-access
attack.collection
attack.t1078
attack.t1110
attack.t1557
·
Share on:
twitter
facebook
linkedin
copy
CobaltStrike Named Pipe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
CobaltStrike Named Pipe Pattern Regex
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
CobaltStrike Named Pipe Patterns
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
stp.1k
·
Share on:
twitter
facebook
linkedin
copy
CobaltStrike Service Installations - Security
calendar
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.lateral-movement
attack.t1021.002
attack.t1543.003
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
CobaltStrike Service Installations - System
calendar
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.lateral-movement
attack.t1021.002
attack.t1543.003
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
Code Injection by ld.so Preload
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1574.006
·
Share on:
twitter
facebook
linkedin
copy
CodeIntegrity - Blocked Driver Load With Revoked Certificate
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1543
·
Share on:
twitter
facebook
linkedin
copy
CodeIntegrity - Blocked Image Load With Revoked Certificate
calendar
Aug 12, 2024
·
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
CodeIntegrity - Blocked Image/Driver Load For Policy Violation
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1543
·
Share on:
twitter
facebook
linkedin
copy
CodeIntegrity - Disallowed File For Protected Processes Has Been Blocked
calendar
Aug 12, 2024
·
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
CodeIntegrity - Revoked Image Loaded
calendar
Aug 12, 2024
·
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
CodeIntegrity - Revoked Kernel Driver Loaded
calendar
Aug 12, 2024
·
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
CodeIntegrity - Unmet WHQL Requirements For Loaded Kernel Module
calendar
Aug 12, 2024
·
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
CodeIntegrity - Unsigned Image Loaded
calendar
Aug 12, 2024
·
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
CodeIntegrity - Unsigned Kernel Module Loaded
calendar
Aug 12, 2024
·
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
COM Hijack via Sdclt
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1546
attack.t1548
·
Share on:
twitter
facebook
linkedin
copy
Creation Of Non-Existent System DLL
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
CVE-2022-24527 Microsoft Connected Cache LPE
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1059.001
cve.2022-24527
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
DiagTrackEoP Default Login Username
calendar
Aug 12, 2024
·
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
DLL Search Order Hijackig Via Additional Space in Path
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
DLL Sideloading Of ShellChromeAPI.DLL
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
DotNet CLR DLL Loaded By Scripting Applications
calendar
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Driver Load From A Temporary Directory
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
Enabling COR Profiler Environment Variables
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.t1574.012
·
Share on:
twitter
facebook
linkedin
copy
Exploiting SetupComplete.cmd CVE-2019-1378
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1068
attack.execution
attack.t1059.003
attack.t1574
cve.2019-1378
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Function Call From Undocumented COM Interface EditionUpgradeManager
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
Github New Secret Created
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.initial-access
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Github Self Hosted Runner Changes Detected
calendar
Aug 12, 2024
·
attack.impact
attack.discovery
attack.collection
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.initial-access
attack.t1526
attack.t1213.003
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Github SSH Certificate Configuration Changed
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Google Cloud Kubernetes CronJob
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CrackMapExec Execution
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.privilege-escalation
attack.credential-access
attack.discovery
attack.t1047
attack.t1053
attack.t1059.003
attack.t1059.001
attack.t1110
attack.t1201
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Default PowerSploit/Empire Scheduled Task Creation
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.privilege-escalation
attack.s0111
attack.g0022
attack.g0060
car.2013-08-001
attack.t1053.005
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - DiagTrackEoP Default Named Pipe
calendar
Aug 12, 2024
·
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Empire PowerShell UAC Bypass
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
car.2019-04-001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Koh Default Named Pipe
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.credential-access
attack.t1528
attack.t1134.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Powerup Write Hijack DLL
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.t1574.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SharpDPAPI Execution
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1134.001
attack.t1134.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SharpImpersonation Execution
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1134.001
attack.t1134.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SharpUp PrivEsc Tool Execution
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1615
attack.t1569.002
attack.t1574.005
·
Share on:
twitter
facebook
linkedin
copy
HackTool - winPEAS Execution
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1082
attack.t1087
attack.t1046
·
Share on:
twitter
facebook
linkedin
copy
Huawei BGP Authentication Failures
calendar
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.credential-access
attack.collection
attack.t1078
attack.t1110
attack.t1557
·
Share on:
twitter
facebook
linkedin
copy
Important Scheduled Task Deleted/Disabled
calendar
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.persistence
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Impossible Travel
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
Interactive AT Job
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1053.002
·
Share on:
twitter
facebook
linkedin
copy
Invalid PIM License
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Juniper BGP Missing MD5
calendar
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.credential-access
attack.collection
attack.t1078
attack.t1110
attack.t1557
·
Share on:
twitter
facebook
linkedin
copy
Kapeka Backdoor Scheduled Task Creation
calendar
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.persistence
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
KDC RC4-HMAC Downgrade CVE-2022-37966
calendar
Aug 12, 2024
·
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
KrbRelayUp Service Installation
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1543
·
Share on:
twitter
facebook
linkedin
copy
Kubernetes CronJob/Job Modification
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Kubernetes Rolebinding Modification
calendar
Aug 12, 2024
·
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Kubernetes Unauthorized or Unauthenticated Access
calendar
Aug 12, 2024
·
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Linux Capabilities Discovery
calendar
Aug 12, 2024
·
attack.collection
attack.privilege-escalation
attack.t1123
attack.t1548
·
Share on:
twitter
facebook
linkedin
copy
Linux Doas Conf File Creation
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1548
·
Share on:
twitter
facebook
linkedin
copy
Linux Doas Tool Execution
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1548
·
Share on:
twitter
facebook
linkedin
copy
LiveKD Driver Creation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
LiveKD Driver Creation By Uncommon Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
LiveKD Kernel Memory Dump File Created
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Loading of Kernel Module via Insmod
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1547.006
·
Share on:
twitter
facebook
linkedin
copy
MacOS Emond Launch Daemon
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.014
·
Share on:
twitter
facebook
linkedin
copy
Malicious DLL File Dropped in the Teams or OneDrive Folder
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Malicious Named Pipe Created
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Malicious Usage Of IMDS Credentials Outside Of AWS Infrastructure
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1078
attack.t1078.002
·
Share on:
twitter
facebook
linkedin
copy
Malware Shellcode in Verclsid Target Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Mavinject Inject DLL Into Running Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055.001
attack.t1218.013
·
Share on:
twitter
facebook
linkedin
copy
Meterpreter or Cobalt Strike Getsystem Service Installation - Security
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1134.001
attack.t1134.002
·
Share on:
twitter
facebook
linkedin
copy
Meterpreter or Cobalt Strike Getsystem Service Installation - System
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1134.001
attack.t1134.002
·
Share on:
twitter
facebook
linkedin
copy
Microsoft Office DLL Sideload
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Modify Group Policy Settings
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1484.001
·
Share on:
twitter
facebook
linkedin
copy
Modify Group Policy Settings - ScriptBlockLogging
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1484.001
·
Share on:
twitter
facebook
linkedin
copy
Modify User Shell Folders Startup Value
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Moriya Rootkit - System
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
Moriya Rootkit File Created
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
New Country
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
New Kernel Driver Via SC.EXE
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
New PDQDeploy Service - Client Side
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
New PDQDeploy Service - Server Side
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
New Root Certificate Authority Added
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1556
·
Share on:
twitter
facebook
linkedin
copy
New Service Creation Using PowerShell
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
New Service Creation Using Sc.EXE
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
New TimeProviders Registered With Uncommon DLL Name
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1547.003
·
Share on:
twitter
facebook
linkedin
copy
Nimbuspwn Exploitation
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1068
·
Share on:
twitter
facebook
linkedin
copy
OMIGOD HTTP No Authentication RCE
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.initial-access
attack.execution
attack.lateral-movement
attack.t1068
attack.t1190
attack.t1203
attack.t1021.006
attack.t1210
·
Share on:
twitter
facebook
linkedin
copy
OMIGOD SCX RunAsProvider ExecuteScript
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.initial-access
attack.execution
attack.t1068
attack.t1190
attack.t1203
·
Share on:
twitter
facebook
linkedin
copy
OMIGOD SCX RunAsProvider ExecuteShellCommand
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.initial-access
attack.execution
attack.t1068
attack.t1190
attack.t1203
·
Share on:
twitter
facebook
linkedin
copy
Password Provided In Command Line Of Net.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.lateral-movement
attack.t1021.002
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
Path To Screensaver Binary Modified
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.002
·
Share on:
twitter
facebook
linkedin
copy
Persistence Via Sticky Key Backdoor
calendar
Aug 12, 2024
·
attack.t1546.008
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
PIM Alert Setting Changes To Disabled
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
PIM Approvals And Deny Elevation
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Possible Coin Miner CPU Priority Param
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1068
·
Share on:
twitter
facebook
linkedin
copy
Potential 7za.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Access Token Abuse
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1134.001
stp.4u
·
Share on:
twitter
facebook
linkedin
copy
Potential Antivirus Software DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential appverifUI.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential AVKkid.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Azure Browser SSO Abuse
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential BearLPE Exploitation
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1053.005
car.2013-08-001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential CCleanerDU.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential CCleanerReactivator.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Chrome Frame Helper DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential CobaltStrike Service Installations - Registry
calendar
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.lateral-movement
attack.t1021.002
attack.t1543.003
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2023-21554 QueueJumper Exploitation
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.execution
cve.2023-21554
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2024-3400 Exploitation - Palo Alto GlobalProtect OS Command Injection
calendar
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
cve.2024-3400
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Of DBGCORE.DLL
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Of DBGHELP.DLL
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Of KeyScramblerIE.DLL Via KeyScrambler.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Of Libcurl.DLL Via GUP.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Of Non-Existent DLLs From System Folders
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Via ClassicExplorer32.dll
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Via comctl32.dll
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Via JsSchHlp
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Dridex Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
attack.discovery
attack.t1135
attack.t1033
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential EACore.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Edputil.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Goopdate.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Iviewers.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Libvlc.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Malicious Usage of CloudTrail System Manager
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1566
attack.t1566.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Meterpreter/CobaltStrike Activity
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1134.001
attack.t1134.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Mfdetours.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via GlobalFlags
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.defense-evasion
attack.t1546.012
car.2013-01-002
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Netsh Helper DLL
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.t1546.007
attack.s0108
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via PowerShell User Profile Using Add-Content
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.013
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Security Descriptors - ScriptBlock
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Potential Privilege Escalation Attempt Via .Exe.Local Technique
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Potential Privilege Escalation Using Symlink Between Osk and Cmd
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.t1546.008
·
Share on:
twitter
facebook
linkedin
copy
Potential Raspberry Robin Aclui Dll SideLoading
calendar
Aug 12, 2024
·
detection.emerging-threats
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Rcdll.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential RjvPlatform.DLL Sideloading From Default Location
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential RjvPlatform.DLL Sideloading From Non-Default Location
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential RoboForm.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential ShellDispatch.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Shim Database Persistence via Sdbinst.EXE
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.011
·
Share on:
twitter
facebook
linkedin
copy
Potential SmadHook.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential SolidPDFCreator.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Suspicious Activity Using SeCEdit
calendar
Aug 12, 2024
·
attack.discovery
attack.persistence
attack.defense-evasion
attack.credential-access
attack.privilege-escalation
attack.t1562.002
attack.t1547.001
attack.t1505.005
attack.t1556.002
attack.t1562
attack.t1574.007
attack.t1564.002
attack.t1546.008
attack.t1546.007
attack.t1547.014
attack.t1547.010
attack.t1547.002
attack.t1557
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
Potential System DLL Sideloading From Non System Locations
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential SystemNightmare Exploitation Attempt
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1068
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Vivaldi_elf.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Waveedit.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Wazuh Security Platform DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential WWlib.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Child Process of KeyScrambler.exe
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.privilege-escalation
attack.t1203
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Event Viewer Child Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
car.2019-04-001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Profile Modification
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.013
·
Share on:
twitter
facebook
linkedin
copy
PowerShell ShellCode
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Powershell WMI Persistence
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1546.003
·
Share on:
twitter
facebook
linkedin
copy
Privileged Account Creation
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Process Creation Using Sysnative Folder
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Process Explorer Driver Creation By Non-Sysinternals Binary
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1068
·
Share on:
twitter
facebook
linkedin
copy
Process Monitor Driver Creation By Non-Sysinternals Binary
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1068
·
Share on:
twitter
facebook
linkedin
copy
ProcessHacker Privilege Elevation
calendar
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.t1543.003
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
PSEXEC Remote Execution File Artefact
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.privilege-escalation
attack.execution
attack.persistence
attack.t1136.002
attack.t1543.003
attack.t1570
attack.s0029
·
Share on:
twitter
facebook
linkedin
copy
PUA - AdvancedRun Execution
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.privilege-escalation
attack.t1564.003
attack.t1134.002
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
PUA - AdvancedRun Suspicious Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1134.002
·
Share on:
twitter
facebook
linkedin
copy
PUA - Wsudo Suspicious Execution
calendar
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Rare Remote Thread Creation By Uncommon Source Image
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Regedit as Trusted Installer
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1548
·
Share on:
twitter
facebook
linkedin
copy
Remote Thread Creation By Uncommon Source Image
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Remote Thread Creation In Uncommon Target Image
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055.003
·
Share on:
twitter
facebook
linkedin
copy
Renamed Mavinject.EXE Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055.001
attack.t1218.013
·
Share on:
twitter
facebook
linkedin
copy
Roles Activated Too Frequently
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Roles Activation Doesn't Require MFA
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Roles Are Not Being Used
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Roles Assigned Outside PIM
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
RottenPotato Like Attack Pattern
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.credential-access
attack.t1557.001
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 Registered COM Objects
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.t1546.015
·
Share on:
twitter
facebook
linkedin
copy
Scheduled Cron Task/Job - Linux
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.privilege-escalation
attack.t1053.003
·
Share on:
twitter
facebook
linkedin
copy
Scheduled Cron Task/Job - MacOs
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.privilege-escalation
attack.t1053.003
·
Share on:
twitter
facebook
linkedin
copy
Scheduled Task Creation Via Schtasks.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.privilege-escalation
attack.t1053.005
attack.s0111
car.2013-08-001
stp.1u
·
Share on:
twitter
facebook
linkedin
copy
SCM Database Privileged Operation
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1548
·
Share on:
twitter
facebook
linkedin
copy
Sdclt Child Processes
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
Security Privileges Enumeration Via Whoami.EXE
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.discovery
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
Service DACL Abuse To Hide Services Via Sc.EXE
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Service Installation in Suspicious Folder
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
car.2013-09-005
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
Service Installation with Suspicious Folder Pattern
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
car.2013-09-005
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
Service Installed By Unusual Client - Security
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1543
·
Share on:
twitter
facebook
linkedin
copy
Service Installed By Unusual Client - System
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1543
·
Share on:
twitter
facebook
linkedin
copy
Service Registry Key Read Access Request
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Service Security Descriptor Tampering Via Sc.EXE
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
ServiceDll Hijack
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
Shell Open Registry Keys Manipulation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
attack.t1546.001
·
Share on:
twitter
facebook
linkedin
copy
Shell Process Spawned by Java.EXE
calendar
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Sliver C2 Default Service Installation
calendar
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.t1543.003
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
SOURGUM Actor Behaviours
calendar
Aug 12, 2024
·
attack.t1546
attack.t1546.015
attack.persistence
attack.privilege-escalation
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Stale Accounts In A Privileged Role
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Standard User In High Privileged Group
calendar
Aug 12, 2024
·
attack.credential-access
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Startup Item File Created - MacOS
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1037.005
·
Share on:
twitter
facebook
linkedin
copy
Sticky Key Like Backdoor Execution
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.t1546.008
car.2014-11-003
car.2014-11-008
·
Share on:
twitter
facebook
linkedin
copy
Sticky Key Like Backdoor Usage - Registry
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.t1546.008
car.2014-11-003
car.2014-11-008
·
Share on:
twitter
facebook
linkedin
copy
Sudo Privilege Escalation CVE-2019-14287
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1068
attack.t1548.003
cve.2019-14287
·
Share on:
twitter
facebook
linkedin
copy
Sudo Privilege Escalation CVE-2019-14287 - Builtin
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1068
attack.t1548.003
cve.2019-14287
·
Share on:
twitter
facebook
linkedin
copy
Suspect Svchost Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Browser Activity
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Child Process Of SQL Server
calendar
Aug 12, 2024
·
attack.t1505.003
attack.t1190
attack.initial-access
attack.persistence
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Child Process Of Veeam Dabatase
calendar
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Debugger Registration Cmdline
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.008
·
Share on:
twitter
facebook
linkedin
copy
Suspicious GetTypeFromCLSID ShellExecute
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.t1546.015
·
Share on:
twitter
facebook
linkedin
copy
Suspicious New Service Creation
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious NTLM Authentication on the Printer Spooler Service
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.credential-access
attack.t1212
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Printer Driver Empty Manufacturer
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1574
cve.2021-1675
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Processes Spawned by WinRM
calendar
Aug 12, 2024
·
attack.t1190
attack.initial-access
attack.persistence
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Suspicious RunAs-Like Flag Combination
calendar
Aug 12, 2024
·
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Scheduled Task Creation
calendar
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.persistence
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Scheduled Task Update
calendar
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.persistence
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Suspicious ScreenSave Change by Reg.exe
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1546.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Service DACL Modification Via Set-Service Cmdlet - PS
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Service Installation
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
car.2013-09-005
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Service Installation Script
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
car.2013-09-005
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Service Path Modification
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Shells Spawn by Java Utility Keytool
calendar
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Suspicious SQL Query
calendar
Aug 12, 2024
·
attack.exfiltration
attack.initial-access
attack.privilege-escalation
attack.t1190
attack.t1505.001
·
Share on:
twitter
facebook
linkedin
copy
Third Party Software DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Too Many Global Admins
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Triple Cross eBPF Rootkit Execve Hijack
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Abusing Winsat Path Parsing - File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Abusing Winsat Path Parsing - Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using .NET Code Profiler on MMC
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using Consent and Comctl32 - File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using Event Viewer RecentViews
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using EventVwr
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using IDiagnostic Profile - File
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using IEInstal - File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using Iscsicpl - ImageLoad
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using MSConfig Token Modification - File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using NTFS Reparse Point - File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using Windows Media Player - File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using Windows Media Player - Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using WOW64 Logger DLL Hijack
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass via Event Viewer
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
car.2019-04-001
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass via ICMLuaUtil
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass via Sdclt
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
car.2019-04-001
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass via Windows Firewall Snap-In Hijack
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1548
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Via Wsreset
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass With Fake DLL
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Disabled
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Notification Disabled
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Secure Desktop Prompt Disabled
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Extension Shim Database Installation Via Sdbinst.EXE
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.011
·
Share on:
twitter
facebook
linkedin
copy
Uncommon One Time Only Scheduled Task At 00:00
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.privilege-escalation
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Process Access Rights For Target Image
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055.011
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Service Installation Image Path
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
car.2013-09-005
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
Unfamiliar Sign-In Properties
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
Unsigned Mfdetours.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
User Added To Admin Group Via Dscl
calendar
Aug 12, 2024
·
attack.initial-access
attack.privilege-escalation
attack.t1078.003
·
Share on:
twitter
facebook
linkedin
copy
User Added To Admin Group Via DseditGroup
calendar
Aug 12, 2024
·
attack.initial-access
attack.privilege-escalation
attack.t1078.003
·
Share on:
twitter
facebook
linkedin
copy
User Added To Admin Group Via Sysadminctl
calendar
Aug 12, 2024
·
attack.initial-access
attack.privilege-escalation
attack.t1078.003
·
Share on:
twitter
facebook
linkedin
copy
User Added to an Administrator's Azure AD Role
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1098.003
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
User Added to Local Administrator Group
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1078
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
User Added To Privilege Role
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
User Added To Root/Sudoers Group Using Usermod
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
User Couldn't Call a Privileged Service 'LsaRegisterLogonProcess'
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.privilege-escalation
attack.t1558.003
·
Share on:
twitter
facebook
linkedin
copy
User State Changed From Guest To Member
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.initial-access
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Users Added to Global or Device Admin Roles
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
VMGuestLib DLL Sideload
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
VMMap Signed Dbghelp.DLL Potential Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
VMMap Unsigned Dbghelp.DLL Potential Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
VsCode Powershell Profile Modification
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.013
·
Share on:
twitter
facebook
linkedin
copy
Vulnerable Netlogon Secure Channel Connection Allowed
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1548
·
Share on:
twitter
facebook
linkedin
copy
Win Susp Computer Name Containing Samtheadmin
calendar
Aug 12, 2024
·
cve.2021-42278
cve.2021-42287
attack.persistence
attack.privilege-escalation
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
Windows Kernel Debugger Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
WMI ActiveScriptEventConsumers Activity Via Scrcons.EXE DLL Load
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.privilege-escalation
attack.persistence
attack.t1546.003
·
Share on:
twitter
facebook
linkedin
copy
WMI Persistence
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.003
·
Share on:
twitter
facebook
linkedin
copy
WMI Persistence - Script Event Consumer
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.003
·
Share on:
twitter
facebook
linkedin
copy
WMI Persistence - Security
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.003
·
Share on:
twitter
facebook
linkedin
copy
to-top